Saturday, September 20, 2008

Over the past couple of days, a person who claims to have been the hacker has done something very stupid, given that he or she is the subject of an FBI investigation: bragging about how the deed was pulled off. The hacker used personal information about the Alaska governor and vice presidential candidate that has been made public recently — like where she met her husband — to trick Yahoo into reassigning the password to the hacker.

Early reports about the hacking had attributed it to a decentralized group of pranksters called Anonymous (read a great story about Anonymous here). But now newspapers and Internet sites are focusing on the son of Tennessee State Rep. Mike Kernell. The elder Mr. Kernell’s non-denial denial appears in the Knoxville News Sentinel.

Just one thought - this isn't a feat of hacking, this is a textbook example of Social Engineering. Social engineering is better compared to pushing a con or simply being a silver-tongued devil. Hacking is the art of taking machines - either the virtual or physical or both - and building something new, if not ingenious.

As any good social engineer will tell you, bragging or even placing yourself anywhere near the story is the surest way to get nailed. Only the stupid admit to SE attacks.

Obviously, now that a Democrat has been directly involved, the emphasis of the story has shifted to politics of the lowest common denominator. Which is highly unfortunate, because when Anonymous was involved as the perpetrator, the essence of the story was, 1) how most of us, including our politicians, have inadequate passwords and security protections, 2) how Gov. Palin so poorly managed the lines between state office and personal matters.